What is the difference between shodan.io and shadowserver.org ? Jean
Just those 2? Greynoise maps them all. See an old preso from 2018:
See slide 7 for a 4 year old list which has only grown 
-Hank
Great list.
ShadowServer is there twice on page 7. They must be noisy 
Jean
If you want to identify which peering links are sending you spoofed DDoS amplification request traffic and which (Shadowserver identified) IPs in your network the traffic is going to, please take a look at my Tattle Tale project: GitHub - racompton/tattle-tale: A platform using the ELK stack to detect spoofed UDP DDoS amplification request traffic with netflow
Identify which peers are sending you the spoofed UDP amplification traffic and "encourage" them to follow BCP 38/84!
The project has this file to identify legitimate scanning traffic: tattle-tale/81-filter-scanners.conf at main · racompton/tattle-tale · GitHub
-Rich
    CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.
    Great list.
    ShadowServer is there twice on page 7. They must be noisy
    Jean